package com.aaa.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// securedEnabled 安全注解
@RestController
@RequestMapping("s")
public class SecuredController {

    // 默认都可以访问
    @RequestMapping("/m1")
    public String m1(){
        return "m1";
    }

    // 角色是ROLE_ADMIN的用户可以访问该方法
    @Secured("ROLE_ADMIN")
    @RequestMapping("/m2")
    public String m2(){
        return "m2";
    }

    @Secured("ROLE_TEST")
    @RequestMapping("/m3")
    public String m3(){
        return "m3";
    }

    @Secured({"ROLE_TEST","ROLE_ADMIN"})
    @RequestMapping("/m4")
    public String m4(){
        return "m4";
    }

    // 角色必须是ROLE_xxx开头
    @Secured({"ADMIN"})
    @RequestMapping("/m5")
    public String m5(){
        return "m5";
    }

    // 不能判断权限
    @Secured({"select"})
    @RequestMapping("/m6")
    public String m6(){
        return "m6";
    }
}
